Reddit has confirmed it recently suffered what seems to have been a fairly significant cyberattack that saw attackers make off with sensitive company data.
In a security notice (opens in new tab), Reddit described the incident as a “sophisticated and highly-targeted phishing attack”.
The company noted that the attackers specifically targeted Reddit, constructing a fake intranet site which, in reality, was nothing more than a phishing landing page designed to steal Reddit employees’ login credentials and multi-factor authentication (MFA) tokens. It seems that no malware (opens in new tab) was used.
Internal documents accessed
After targeting an unknown number of employees, one fell for the trick, giving the attackers access to internal Reddit systems. There, they accessed sensitive data and Reddit source code.
“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” Reddit explained in the announcement.
“We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”
The announcement also suggested that users shouldn’t be too worried about their accounts: “Based on our investigation so far, Reddit user passwords and accounts are safe,” it said.
Reddit said it was alerted to the cyberattack by the victim itself, who reported it to the company’s security team, it was added. Further investigation has determined, BleepingComputer reports, that among the data stolen are contact information for company contacts, as well as contact information for current and former employees.
Furthermore, the crooks took data about company advertisers, as well.
Reddit remains operational and the cyberattack did not affect its performance in any way, the company concluded. It also said that it found no evidence the attackers were able to breach production systems used to run the website.
Via: BleepingComputer (opens in new tab)